CNT4009 – Cyber Security
Aflac Data Breach 2025 / 2026
Presentation Script
Module: CNT4009 | 2026

SLIDE 1 – Title Slide
⏱ About 45 seconds

Hello everyone. My name is Manuka Pabasara Weerasinghe. Today I will talk about a real cyberattack that happened in 2025. It is called the Aflac Data Breach.

Aflac is a big American insurance company. In June 2025, hackers stole the personal information of over 22 million people.

This attack is very important because the hackers did not use any special software. They used phone calls and fake emails to trick Aflac employees. That is how they got in.

💡 Tip: Speak slowly and clearly. Look at the audience, not at your notes.

SLIDE 2 – Agenda
⏱ About 30 seconds

Here is what I will cover today. First, I will explain what happened – who was attacked and how. Then I will talk about what data was stolen. After that, I will explain why it happened and what security problems made it possible. Finally, I will give recommendations to protect our company, NextGen Digital Solutions, from the same kind of attack.

💡 Tip: Keep this slide short. Just tell the audience what is coming next.

SLIDE 3 – What Happened (Incident Overview)
⏱ About 2 minutes

Aflac is a very large insurance company in America. It has millions of customers and holds a lot of private information about people – like their health records and personal details.

On 12 June 2025, Aflac found that something strange was happening on their computer systems. They stopped it quickly – but the damage was already done.

In December 2025, Aflac told the public that the personal information of 22.65 million people had been stolen. That is a very large number.

The group that did this attack is called Scattered Spider. They are a cybercrime group. They are mainly young people from the US and UK. They are very good at tricking people – not at hacking computers directly.

This was not a ransomware attack. The hackers did not lock any files or ask for money to unlock them. They just quietly took the data and left. Nobody noticed until much later.

By March 2026, more than 20 court cases have been opened against Aflac, and the US government is also investigating.

💡 Tip: Point to the three number boxes on the right of the slide when you say '22.65 million', '£3.8 million', and '20+ lawsuits'. Big numbers get attention.

SLIDE 4 – What Data Was Stolen?
⏱ About 1 minute 30 seconds

So what exactly did the hackers take? They stole very sensitive personal information. This includes: full names, home addresses, dates of birth, and Social Security Numbers. A Social Security Number is like a national ID number in America – very important and very dangerous if stolen.

They also stole health insurance details and medical information. In America, this type of data is protected by a law called HIPAA. Because health data was stolen, Aflac had to report the breach to the US government and the FBI.

Most of the people affected – about 68 out of every 100 – were Aflac customers. The rest were Aflac employees, insurance agents, and family members on policies.

The danger for victims is very serious. With a stolen Social Security Number, criminals can open bank accounts, take out loans, or even file tax returns in someone else's name. This can cause problems for years.

💡 Tip: You can point to the bar chart on the right and say: 'As you can see, most victims were regular customers.'

SLIDE 5 – How Could This Have Been Prevented?
⏱ About 2 minutes

Now I will talk about what Aflac could have done differently to stop this attack.

1. Better login security (MFA)
Aflac used a type of login protection called push-notification MFA. This sends a message to your phone saying 'approve or deny this login'. Scattered Spider is very good at tricking people into pressing approve. If Aflac had used a stronger type – called a hardware security key – this trick would not have worked.

2. Train employees about phone scams
The hackers called Aflac employees on the phone and pretended to be someone else. Employees were not trained well enough to spot this. Regular training on how to spot fake calls and fake emails would have helped a lot.

3. Zero Trust Security
After the hackers got in through one account, they moved around the system freely. A Zero Trust system means every person and every computer must prove who they are – every single time. This stops hackers from moving around so easily.

4. Watch what data is leaving the company
Millions of records left the company without anyone noticing. A tool called Data Loss Prevention (DLP) watches for unusual activity – like a lot of data being sent out at once – and sends an alert. Aflac did not have this.

5. Use threat intelligence
In June 2025, Google's security team warned that Scattered Spider was attacking insurance companies. Aflac was attacked that same month. If Aflac had been monitoring these warnings, they might have been ready.

💡 Tip: You do not need to read every point in full. Explain the first two or three clearly, then briefly mention the others.

SLIDE 6 – Why Did This Happen? (Root Cause)
⏱ About 1 minute 30 seconds

Now let me explain the main reason this attack happened.

The number one reason is very simple: the hackers tricked people. They did not find a bug in Aflac's software. They did not break through a firewall. They made phone calls and sent emails pretending to be someone else. Then they asked employees to give them access – and the employees did.

This is called social engineering. It means using tricks to manipulate people instead of using technology to break systems.

The second reason is that the login protection was not strong enough. The type of MFA Aflac used can be beaten. Many companies still use it today even though hackers have been bypassing it for years.

The third reason is that once the hackers were inside, they could move around the whole network. There were not enough barriers to stop them going from one system to another. Good security means even if someone gets in through one door, they cannot reach everything else.

On the right side of the slide, you can see missed opportunities – for example, a public warning was made about Scattered Spider targeting insurance companies, but Aflac was still not prepared.

💡 Tip: Keep this section clear and simple. The key message is: the attack started with a phone call, not a technical hack.

SLIDE 7 – How Did the Attack Work? (Step by Step)
⏱ About 1 minute 45 seconds

Let me walk you through the attack, step by step.

Step 1 – The hackers chose their target.
Scattered Spider knew that insurance companies hold a lot of valuable personal data. So they targeted several insurance companies at the same time.

Step 2 – They tricked employees.
They sent fake emails and made phone calls pretending to be IT support or managers. They asked employees to share their login details or to approve a security message on their phone.

Step 3 – They got past the login protection.
The MFA system sent a message to the employee's phone. The hackers tricked them into pressing approve – so the hackers were now logged in with real, valid credentials.

Step 4 – They moved through the system.
With a valid login, they were able to look at many different parts of Aflac's network. They found where the customer data was stored.

Step 5 – They quietly copied the data.
Over a period of time, they copied the records of 22.65 million people and sent them to their own servers. No alarm went off. Nobody noticed.

Step 6 – The damage continues.
Even now in 2026, the stolen data is being used for fraud. Aflac is facing court cases. Victims are still at risk of identity theft.

The four boxes at the bottom show the key security weaknesses that made each step possible.

💡 Tip: Point to each numbered box as you explain each step. The visual flow helps the audience follow the story.

SLIDE 8 – What Should NextGen Digital Solutions Do?
⏱ About 2 minutes

Based on everything we have seen from the Aflac breach, here are my five recommendations to protect NextGen Digital Solutions.

1. Security Policy – Zero Trust
We should introduce a Zero Trust system. This means no one is automatically trusted – not even people already inside the network. Every user and every device must prove who they are every time they access something important.

2. Train Our Staff
We need to run training exercises four times a year. These should include fake phone scam tests and fake phishing email tests. Staff need to know: always check who you are really talking to before giving any access or information.

3. Upgrade Our Technology
We must upgrade our login security. Standard phone-approval MFA is not safe enough anymore. We should move to hardware security keys – a small physical device that plugs into a computer. Hackers cannot bypass this remotely. We also need tools to monitor unusual data activity in real time.

4. Regular Security Checks
We should test our own security every year – by hiring professionals to try to hack us. This shows us where our weak points are before the real hackers find them. We should also review who has access to sensitive data every three months.

5. Be Ready for an Attack
We need a clear plan for what to do if we are attacked. This plan should be practised twice a year. We also need secure backups of all important data that are completely separate from our main systems – so even if we are attacked, we can recover quickly.

💡 Tip: You do not need to read every bullet point on screen. Speak to the main idea of each card. Keep your energy up – this is the most important slide.

SLIDE 9 – References
⏱ About 20 seconds

All the sources I used are shown here. I used reliable news sources and technology security websites, including TechCrunch, SecurityWeek, and the HIPAA Journal. All references follow Harvard format.

💡 Tip: You do not need to read the references out loud. Just say this short statement and move on.

SLIDE 10 – Conclusion
⏱ About 45 seconds

To finish – the Aflac breach is one of the most important cybersecurity cases of 2025 and 2026.

Over 22 million people had their most private information stolen – not because of a software bug, but because of a phone call. A hacker pretended to be someone else, and an employee believed them.

This shows us three important things. First – a hacker does not need special tools if they can trick people. Second – weak login security is not enough anymore. And third – quietly stealing data is now more dangerous than locking files with ransomware.

For NextGen Digital Solutions, the lesson is clear. We must protect our people just as much as we protect our technology. Both must be strong.

Thank you very much. I am happy to answer any questions.

💡 Tip: After you say 'thank you', stop speaking and look at the audience. Do not look down. Wait calmly for questions.

Timing Guide

Slide   Content                  Time
1       Title Slide              ~45 seconds
2       Agenda                   ~30 seconds
3       What Happened            ~2 minutes
4       What Was Stolen          ~1 min 30 sec
5       How to Prevent It        ~2 minutes
6       Why It Happened          ~1 min 30 sec
7       How the Attack Worked    ~1 min 45 sec
8       Our Recommendations      ~2 minutes
9       References               ~20 seconds
10      Conclusion               ~45 seconds
TOTAL                            ~13 minutes

Possible Questions & Simple Answers

Q: Why did nobody notice 22 million records being stolen?
A: Because the hackers used real employee login details. To the system, it looked like a normal employee looking at data. There were no tools watching for unusually large amounts of data leaving the company. So nobody noticed.

Q: Why is this worse than a ransomware attack?
A: With ransomware, a company loses access to data for a while, but they can get it back from a backup. When data is stolen like this, you cannot get it back. The 22 million Social Security Numbers are now in criminal hands forever. Victims can be affected for many years.

Q: Would a hardware security key really stop this attack?
A: Yes, most likely. A hardware security key is a small device that you plug into a computer. It only works on the real website. If a hacker creates a fake website to steal your password, the key does not work – so the hacker cannot log in. Scattered Spider has not found a way to beat this type of protection.

Q: Why do hackers target insurance companies?
A: Because insurance companies hold a lot of very valuable information in one place – names, addresses, Social Security Numbers, health records, and financial details. That is a large amount of useful data for criminals. It is worth more than data from many other types of companies.
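
Supporting example for the first question and for the DLP point on Slide 5, added here and not part of the original script: a valid login looks normal, but the volume of records it reads does not, so the check compares each account's daily total with that account's own history. The log format, account names, dates and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (day, account, records_read) rows from a hypothetical
# data-access audit log. Every row comes from a successfully authenticated session.
SAMPLE_LOG = [
    ("2025-06-02", "j.alvarez", 120), ("2025-06-02", "etl.nightly", 20000),
    ("2025-06-03", "j.alvarez", 150), ("2025-06-03", "etl.nightly", 21000),
    ("2025-06-04", "j.alvarez", 135), ("2025-06-04", "etl.nightly", 19500),
    ("2025-06-05", "j.alvarez", 160), ("2025-06-05", "etl.nightly", 20500),
    ("2025-06-06", "j.alvarez", 140), ("2025-06-06", "etl.nightly", 20200),
    ("2025-06-09", "j.alvarez", 145), ("2025-06-09", "etl.nightly", 20800),
    ("2025-06-10", "j.alvarez", 30000), ("2025-06-10", "j.alvarez", 22000),
    ("2025-06-10", "etl.nightly", 21500), ("2025-06-10", "new.agent", 40),
]

def flag_bulk_access(events, min_history=5, k=6.0, floor=1000, cold_start_limit=25000):
    """Return (day, account, total, threshold) for days far above the account's own baseline."""
    daily = defaultdict(int)
    for day, account, count in events:
        daily[(day, account)] += count          # several sessions per day are summed
    history = defaultdict(list)
    alerts = []
    for (day, account), total in sorted(daily.items()):
        past = history[account]
        # Accounts without enough history get a fixed limit instead of a baseline.
        threshold = cold_start_limit
        if len(past) >= min_history:
            med = median(past)
            mad = median(abs(x - med) for x in past)
            # 1.4826 * MAD estimates the standard deviation without being
            # dragged upward by one earlier spike; floor avoids tiny thresholds.
            threshold = max(floor, med + k * 1.4826 * mad)
        if total > threshold:
            alerts.append((day, account, total, round(threshold)))
        else:
            past.append(total)                  # flagged days never raise the baseline
    return alerts

if __name__ == "__main__":
    for alert in flag_bulk_access(SAMPLE_LOG):
        print("ALERT day=%s account=%s records=%d threshold=%d" % alert)
```

The high-volume batch account is not flagged because 21,500 records is normal for it, while the employee account that usually reads about 140 records a day is flagged at 52,000.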
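
Supporting example for the hardware security key answer, added here and not part of the original script: hardware keys use the WebAuthn/FIDO2 standard, where the browser records the site's origin and the key hashes the site's ID into every login response, so a response made on a fake site fails the server's checks. The domain names and sample values are constructed, and the signature verification a real server also performs is not shown.

```python
import base64
import hashlib
import json

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed real login origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                            challenge: bytes) -> str:
    """Return "ok" or the reason a login response is rejected (signature check not shown)."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(challenge):
        return "challenge mismatch"            # replayed or stale response
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"               # the browser saw a different site
    if len(authenticator_data) < 37:           # 32-byte hash + flags + 4-byte counter
        return "authenticator data too short"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"             # the key was asked to log in to another site
    if not authenticator_data[32] & 0x01:
        return "user presence flag not set"    # nobody touched the key
    return "ok"

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Build sample inputs with the fields a browser and a key fill in (constructed data)."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + (7).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    ch = b"\x01" * 32                          # constructed server challenge
    real = constructed_assertion(EXPECTED_ORIGIN, RP_ID, ch)
    fake = constructed_assertion("https://login-example.test", "login-example.test", ch)
    print("real site:", check_assertion_binding(*real, ch))
    print("lookalike site:", check_assertion_binding(*fake, ch))
```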